Talos Vulnerability Report

TALOS-2017-0297

Corel PHOTO-PAINT X8 64-bit TIFF Filter Code Execution Vulnerability

July 20, 2017

CVE Number

CVE-2017-2803

Summary

A remote out-of-bounds write vulnerability exists in the TIFF parsing functionality of Corel PHOTO-PAINT X8 version 18.1.0.661. A specially crafted TIFF file can trigger the vulnerability, resulting in potential memory corruption. An attacker can send the victim a specific TIFF file to trigger this vulnerability. This vulnerability only exists in the 64-bit version.

One value [0] comes from a table of numbers from within the binary itself, whose offset is directly affected by file data. The other [1] comes from a calculation based on the file data itself. Because the attacker can force [1] to be less than [0], the underflow can be triggered, causing a large size to be passed to memset [3].
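
The size calculation described above, as an added example that is not Corel's code or part of the original report: it assumes the length is the file-derived value minus the table value, and the table contents, function names and buffer sizes are hypothetical. It contrasts the unchecked unsigned subtraction with a version that validates the table index, the operand order and the destination capacity before memset is called.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for the table inside the binary; values are made up. */
static const uint32_t k_table[] = { 8, 16, 24, 32 };
#define TABLE_LEN (sizeof k_table / sizeof k_table[0])

/* Unchecked pattern: the unsigned subtraction wraps to a huge size_t
 * whenever the file-derived value is smaller than the table value. */
size_t fill_len_unchecked(uint32_t table_index, size_t computed)
{
    /* Index reduced modulo TABLE_LEN only to keep this demo in bounds. */
    return computed - (size_t)k_table[table_index % TABLE_LEN];
}

/* Checked pattern: returns 0 and stores the length, or -1 when rejected. */
int fill_len_checked(uint32_t table_index, size_t computed,
                     size_t buf_cap, size_t *out_len)
{
    if (table_index >= TABLE_LEN)   /* index is influenced by file data */
        return -1;
    size_t table_val = k_table[table_index];
    if (computed < table_val)       /* subtraction would underflow */
        return -1;
    size_t len = computed - table_val;
    if (len > buf_cap)              /* length must fit the destination */
        return -1;
    *out_len = len;
    return 0;
}

/* Zero-fill the buffer only when the length passed every check. */
int clear_region(unsigned char *buf, size_t buf_cap,
                 uint32_t table_index, size_t computed)
{
    size_t len;
    if (fill_len_checked(table_index, computed, buf_cap, &len) != 0)
        return -1;
    memset(buf, 0, len);
    return 0;
}
```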